From d8303dfcd328c624f64f38bada0c0213d92cb7f4 Mon Sep 17 00:00:00 2001
From: Dominic Evans <dominic.evans@uk.ibm.com>
Date: Tue, 7 Jan 2025 16:50:33 +0000
Subject: [PATCH] build(deps): pin and group actions/*

Tell dependabot to group updates to the official actions owned by GitHub
under the [actions](/actions/org) into a single PR and update the
workflows to pin to explicit digests tracked to individual version
numbers rather than just the major tag

Signed-off-by: Dominic Evans <dominic.evans@uk.ibm.com>
---
 .github/dependabot.yml       | 4 ++++
 .github/workflows/linter.yml | 4 ++--
 .github/workflows/tests.yml  | 8 ++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0c068c6c1ac..f4bfd395efd 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -16,3 +16,7 @@ updates:
   directory: /
   schedule:
     interval: weekly
+  groups:
+    actions:
+      patterns:
+      - "actions/*"
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 24f3d909db4..4606434fe47 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -8,8 +8,8 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-go@v5
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.x
         cache-dependency-path: "**/go.sum"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 3ab68bb7b6b..00298a5aa95 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -39,10 +39,10 @@ jobs:
     runs-on: ${{ matrix.platform }}
 
     steps:
-    - uses: actions/setup-go@v5
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: ${{ matrix.go-version }}
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     # Get values for cache paths to be used in later steps
     - id: cache-paths
@@ -51,7 +51,7 @@ jobs:
         echo "go-mod-cache=$(go env GOMODCACHE)" >> $GITHUB_OUTPUT
 
     - name: Cache go modules
-      uses: actions/cache@v4
+      uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
       with:
         path: |
           ${{ steps.cache-paths.outputs.go-cache }}
@@ -73,4 +73,4 @@ jobs:
 
     - name: Upload coverage to Codecov
       if: ${{ matrix.update-coverage }}
-      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 #v5.1.2
+      uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2